IT Operations Management in the SDN Era – Prime Infra with APIC-EM

BRKNMS - 1036

Phil Casini, Director, Product Management

Ronnie Ray, Sr. Director, Product Management

© 2015 Cisco and/or its affiliates. All rights reserved. BRKNMS-1036 Cisco Public

Agenda

• Introduction to Campus / Branch SDN

• Evolution to SDN led IT Operations

• SDN led Provisioning

• SDN led Monitoring and Assurance

• SDN led IT Process Automation

• SDN led Management Product Packaging

• Conclusion


Industry Transforming to Solutions Networking

Piece Parts Delivery Model Must Evolve to a Business Solutions Model to Re-align with Today’s Operations Drivers and Network Complexities

Rapid IT Expansion Driver

Delivery Model Shifts to Realign

OPEX Reduction + LOB Agility Drivers

Business Applications and Networking Components Offered with “Some Assembly Required”

Seamlessly Fused Business Applications and Networking Components “Out of the Box”

This Transformation is Anchored in SDN (Abstractions and Intent Policies)

REST API

Plug & Play

SDN Model Adds the Essential Ingredients that Make Solutions Networking Possible for Complex Networks

SDN Stack Model

• Simplicity via Controllers (one manageable source of truth to base network changes)

• Automation via Apps (rapid translation of intended business outcomes to required network behavior)

• Flexibility via Loosely Coupled Abstractions (harmonizes disparate network pieces to create a network as a “system”)

Transformation Innovation

Manual Automated

Device by device Network-wide

Configuration Policy

Closed Systems Open and Programmable

Network Data Business Intelligence

New Installations Legacy + New Installations

Fast IT: The Effect of Solutions Networking

Enterprise Networks Become More Agile, Effective, and Efficient to Operate


PUBLISHED REST APIs

Cisco Fast IT: Leading This Enterprise Transformation

SECURITY COLLABORATION ORCHESTRATION SERVICES WAN

UNIVERSAL NETWORK ELEMENT PLUG AND PLAY LAYER

CATALYST NEXUS ASR ISR WIRELESS ASA

NON CISCO NETWORK ELEMENTS

COMPLETE END TO END SOLUTIONS

Application Centric Infrastructure (ACI) Compatible

Software Driven Enterprise Network Control and Management Platform

A New Software Driven Platform for Solutions Development


Network Control and Management Are Foundational…

…Components of the Platform for Building Applications

NETWORK MANAGEMENT AS A SYSTEM OF RECORD

ONE TRUTH SOURCE AS A SYSTEM OF CHANGE

ACI Single Policy Enterprise Platform

APIC-EM

REST APIs

BUSINESS INTENT APPLICATIONS

NETWORK CONTROL

NETWORK MANAGEMENT

Evolution to SDN Led Management


Common Policy Model from Branch to DC

Consistent Policy Across Cloud, DC, WAN and Access

Cloud Data Center WAN Access

APIC APIC APIC APIC

Changing Nature of IT Ops with SDN led Management

Management (NMS)

NE NE NE NE

Customer developed provisioning tools, manual CLI changes, and run book automation for IT Operations support

Controller (APIC-EM)

Management (Provisioning and Assurance)

Automation (Workflow / Orchestration)

NE NE NE NE

Customer input on business / service intent

Traditional Management SDN Led Management

Feature Configuration

Policy Automation

Systemic View of Management / Control Roles

Network Infra

Owns the communication to/from the network and drives programmability

Stores, processes and visualizes all historical data for monitoring and network change

Orchestrates sequential changes and enables IT process execution

Cisco Management Tool Portfolio for the Campus/Branch in 2014

Common Controller Layer for Campus/Branch

Feature Configurable Provisioning

Common Monitoring / Assurance

Common Automation Layer

System of Automation

System of Record

System of Change

NE NE NE NE NE

No Controller Existed in 2014

Prime Infrastructure

Prime Infrastructure

Manual or Custom Scripted by Customers / Partners

NE NE NE NE NE

Masking Network Complexity, Exposing Network Intelligence

Cisco APIC-EM: Campus/ Branch Controller

Software or Appliance Based

NB RESTful APIs

Existing and New Device Support

Agile Integration Model

Key Milestones to SDN Led Management Evolution in 2015

Q1 2015 Mid-2015 Q4 2015

APIC-EM CA: Path Visualization application for network path tracing

APIC-EM GA: Scalable controller foundation supporting multiple use case / apps

APIC-EM Updates: Expanded application support across multiple enterprise use cases

Prime Infra 2.2 FCS (Dec 2014): Cross domain monitoring across WAN, Access, DC

Prime Infra Niihau: Integration with APIC-EM for core network service automation

Prime Infra Lanai: Integration with APIC-EM and Automation as System of Record

APIC-EM Apps: IWAN App GA with dynamic QoS changes; BSA app EFT

APIC-EM Apps: Multiple apps across Wireless, Access, Collab, Security and Automation

APIC-EM Apps: IWAN app EFT with policy based provisioning of Secure WAN

Cisco Controller and Management System Portfolio for the Campus/Branch in 12-24 Months

Common Controller Layer for Campus/Branch

Policy Prescriptive Provisioning

Feature Configurable Provisioning

Common Monitoring / Assurance

Common Automation Layer

System of Automation

System of Record

System of Change

NE NE NE NE NE

APIC-EM

Multiple APIC-EM Apps

Prime Infrastructure

Prime Infrastructure

Branch Service Automation

NE NE NE NE NE

Two Modes of System of Change Programmability with NB APIs

POLICY PROGRAMMABILITY

• Intent based policy abstraction of network wide device configuration with embedded CVDs and best practices

• Network programmability through NB APIs for policy deployment and telemetry access

• Rich selection of policy prescriptive apps that can be complemented with custom applications to suit organization needs

• Needs clear understanding of intent rather than deep Network Engineering expertise

FEATURE PROGRAMMABILITY

• Traditional mode of network management focused on custom network design and individual feature configuration and deployment

• Network programmability through REST APIs for feature configuration and monitoring data

• Gradual progression into SDN-led automation through Zero Touch Deployment, Secure key automation and other core network services

• Needs deep technical expertise in Network Engineering (design) and IT Ops (deployment)

Direction of market evolution with need for greater simplicity, agility and automation.


Two Deployment Modes for SDN led Provisioning with Distinct Network Scope

APIC-EM

Common Controller Layer Across the Enterprise

FEATURE CONFIGURABLE NMS with APIC-EM

Prime Infrastructure

Prime Infra NMS integrated with APIC-EM providing full GUI based configuration and FCAPS management orchestrated by the System of Automation

Customer, Partner or 3rd party developed Automation

Custom apps utilizing feature programmability via Prime NB APIs for configuration and data

POLICY PRESCRIPTIVE APPS on APIC-EM

IWAN, Access, Wireless, Collab, Segmentation, Threat Defense, ...

Cisco developed modular, policy automated management apps with common UI/UX framework and embedded service automation

Customer, Partner or 3rd party developed Apps

Custom apps utilizing policy programmability via APIC-EM NB REST APIs

Device Scope A Device Scope B

Core Value of Different System of Change Approaches

POLICY PRESCRIPTIVE

Massive Simplification

Policy Automated

NO CLI Changes

FEATURE CONFIGURABLE

Customizable Templates

Guided Workflows

Full CLI Access

Policy Maturity to Cover Enterprise System of Change Use Cases will Evolve

[Figure: share of policy versus traditional configuration plotted over Time, with stage labels Today, Controller-based Automation and ACI]

Policy based Configuration: Dynamic, able to be automated, managed by the controller; Policy grows, static shrinks

SDN Led Provisioning

Policy Based Automation

Cisco Intelligent WAN App for APIC-EM

Business Policy Dictates Network Action

IT Admin

Business Policy: App SLA

APP DMVPN

SLA

QoS

Security

Path Selection

Access Application

Network Profile

NETWORK

SDN

Simple Workflow Templates

Zero Touch Provisioning

Business Level Policies

Open Architecture

Network, Applications Monitoring

Site topology choices in IWAN app

Link type selection in IWAN app

Application priority policy setting in IWAN app

SDN Led Provisioning

Feature Configuration

Step 1: Start IWAN Workflow

Guided Workflow to help design and deploy IWAN on your branch or hub

Step 2: Role Selection

Select the PIN (hub or branch)

Identify the device role

Select the IWAN features to be configured:

• DMVPN

• PFR

• AVC

• QOS

Step 3: Device Selection

Select the devices

- Hub device

- Branch devices by location

- Enables configuration of more than one branch

Step 4: DMVPN Configuration

DMVPN Configuration

- Can be part of Hub or Spoke configuration

Step 5: PfR Configuration

PfR Configuration

- PfR Policy on Hub

- PfR at the spoke with reference to MC

- Out of the Box 3 class model

Step 6: Quality of Service Configuration

QoS Configuration

- On the hub (8 class model)

- On the spoke (8 class model)

- NBAR based classification and shaping

Step 7: AVC Configuration

AVC Configuration

- Pick and choose the technologies to enable

- Out of the box Cisco CVD design

SDN Led Monitoring and Assurance

Cisco Prime Infrastructure One Management from the Branch to the Datacenter

Convergence Consolidation Cisco Advantage

Lifecycle: Converged Management with Integrated Best Practices

Assurance: End-to-End Application Experience and Visibility

Data Center: Simplified Operations Management

Full Support of Cisco WAN/Access Infrastructure

Unified Access On-Premise Meraki IWAN

Large Campus Controllers: 5760, 5508

Switching Platform, Catalyst Stackable Switches: 3850, 3650

1700: Small to Midsize Enterprise

2700 w/HDX: Feature-Optimized Enterprise

3700 w/HDX: High-Density Enterprise

1530: Low Profile

1550: Larger Deployments

1570: High Powered

IOS-XE 3.7, IOS-XE 3.6, CUWN 8.0

NEW

Wired Components Available in Future Release

MR12*, MR34*, MR26*, MR18*

ISR: 800, 1900, 2900, 3900, 4300, 4400

UCS

ASR: 1000, 1001, 1002, 1004, 1006, 1013

Full Coverage of Datacenter Infrastructure

Edge Network: ASR 9000/1000

Core and Distribution: Nexus 9000, Nexus 7000/5000, Nexus 3000, Nexus 2000, CAT 6500, 6800

Compute and Storage: UCS B and C Series, MDS Switches

Network Services: ASA, CAT 6500 w/FWSM

Virtualized Network Services: CSR1000v, Nexus 1000v, VSG, vASA, vNAM, vWAAS

Rich Interface for Visualization and Troubleshooting

Grey: Disconnected AP

Yellow: AP w/ unresolved non-critical alarms

Red: AP w/ critical alarms

Active rogue APs

802.11u location specific service

Zoom & Pan controls

Application Visibility Across the Enterprise

Prime Infrastructure

Cisco ASR

NBAR2, AVC, Medianet

NBAR2

SNMP/CLI Polling

WAAS, NBAR, MEDIANET, PA, SPAN/ERSPAN

Netflow

Cisco 6800 & NAM Blade

Netflow, MediaNet

Wireless Controllers

NBAR2

Cisco ISR & NAM on SRE

NBAR2, PA, Medianet

Cisco Catalyst 3850-X w/ 3K-X 10G

Netflow, MediaNet

NAM Appliance (23XX)

NBAR2, Voice, ART, SPAN, ERSPAN

Netflow, NAM module

NGA 3240

Netflow, SPAN, ERSPAN

AP 3700

NBAR2

Service Health for Sites, Users and Applications

• Automated Baselining

• Proactive Performance Troubleshooting

• Service Health Dashboard

• AVC Configuration for ISR/ASR

• One-click AVC Configuration

• AVC Monitoring Customization

• NBAR2 Custom Applications

• Embedded Packet Capture for ASR

• Top URL/Domain Views


• Simplified troubleshooting and remediation improves application, services and end user experience

• Brings together multiple sources of information for effective problem isolation

• Quick “Prime 360” Views:

• User 360: Quickly isolate and fix end-user or end-point issues

• Device 360: Identify and fix device related problems

• Interface 360: Identify application load and related stats

User 360 Views and Diagnostics


Network Topology Visualization

UCS Blade Server – 360 View

Virtualization Management

SDN Led IT Process Automation

Introducing Branch Service Automation

• Design, catalog, deploy with zero touch and automatically manage different branch types including IWAN, Access and WLAN architectures

• The value of Branch Service Automation is to dramatically reduce TCO of large-scale Branch roll out across 10’s to 1000’s of sites

– Automation

– Operational consistency

– Compliance to security and application policy


Branch Service Automation

Branch Service Automation in the Enterprise Stack

System of Record:

• Knowledge Repository

• Service Monitoring

• Trending and Reporting

• Troubleshooting

System of Automation:

• Branch Design

• Prescriptive or Customizable

• Service Ordering

• Service Provisioning

System of Change:

• Network abstraction

• Configuration and Change

• Policy resolution and enforcement

Branch Infrastructure (Physical / Virtual)

APIC-EM

NE NE NE NE NE

Enterprise Service Design (Knowledge Pack Integration)

Configuration Automation for Approvals and Provisioning

Configuration Change and Policy Compliance

Network Services Automation

Prime Infrastructure

CVD based Knowledge Pack repository

Automated Service Monitoring, Reporting and Historical Analytics

Branch Service Automation – Process Architecture

Process: Service Design, Service Catalog, Service Request, Service Provisioning, Service Management

• Branch Design for Wireless, Routing and Switching

• Embedded CVD best practices

• Custom and prescriptive designs

• User, Application, Security, Access and Quality of Experience policy definition

• Branch designs (e.g. Small, Medium, Large) committed to Service Catalog as a service offering

• Setting up of business entities and groups for which services can be ordered

• Ordering of Branch type when new site(s) or new services are needed

• Approval workflow with embedded test / validation

• SLA definition for branch users and applications

• Orchestration of devices and network services enablement for the Branch using PnP and PKI Automation on APIC-EM

• APIC-EM led Policy compliance enforcement

• Business and Service level dashboarding / reporting for Network, SLA’s, Security Status and Changes

• Drill down into events, monitoring and analytics tools for troubleshooting

Role: Network Architect, Security Admin; Network Architect, Security Admin; Network Operations, Application Admin; Network Operations, Security Operations; Network Operations, Security Operations

SDN Led Management Product Packaging

Cisco ONE Software Suites

Data Center WAN Access

WAN Switching Wireless Compute Networking

Advanced Security: Threat Defense for Data Center, Threat Defense for WAN, Identity Services for Access

Advanced Application: Data Center Fabric, Enterprise Cloud Suite, WAN Collaboration, Campus Fabric, Advanced Mobility Services

Foundation: Foundation for Networking, Foundation for Compute, Foundation for WAN, Foundation for Switching, Foundation for Wireless

Common Licensing to Ease Evolution into SDN Led Management

APIC-EM as a platform with a set of published apps and NB APIs will be available for free on DevNet

This will enable ISVs, Partners and your internal teams to build their own custom applications based on policy programmability

Both traditional and SDN led applications for a particular device domain will be offered in a single license as part of Cisco ONE or a la carte

For example, Prime Infrastructure Lifecycle & Assurance AND IWAN App on APIC-EM will be part of the WAN foundation offer for the Routing domain

This will enable phased adoption at a pace that works for your organization without additional cost

For example, policy prescriptive apps could be used for deployment in simpler branch types first and then moved to more complex branch types as policy maturity evolves

Conclusion

Conclusion

Cisco’s SDN Led IT Operations Management will:

Empower IT Ops to manage the Network as a System, not as a collection of resources

Drive massive simplicity through intent based policy automation

Deliver application-centric visibility from the Branch to Datacenter

Support existing and new devices for full investment protection

Offer open, programmable APIs for bespoke innovation

Realize cost savings from automation and abstraction

Require new skills in intent based and programmable network management


Call to Action

• Visit the World of Solutions for

– Cisco Campus: EN and ACI areas for Prime Infra and APIC-EM Demos

• Lifecycle Management of Wired and Wireless Networks

• Software Defined WAN with Prime Infrastructure and APIC-EM

• SDN for Branch Service Automation (Prime Infrastructure & Plug and Play: routing & switching)

• SDN and Collaboration Solutions (APIC-EM MapCollab with EasyQOS)

• SDN and Network Security (APIC-EM & SourceFire, MACsec integration)

– Walk in Labs – LABNMS-2999 (Converged Access and Prime)

– Whisper Suites: Get in touch with your Cisco Account/Partner team to schedule 1-0-1 meetings with Product Teams at SDN and Network Transformation Whisper Suites

• DevNet zone related labs and sessions

• DevNet-1007: API Deep Dive: APIC EM Rest API

• DevNet-1044: Create a Hello World with APIC EM APIs

• DevNet-1022: Let’s discuss: Cisco’s Controllers – Why, What, How, When

• Recommended Reading: for reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2015

Complete Your Online Session Evaluation

• Please complete your online session evaluations after each session. Complete 4 session evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt.

• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations